Insecure Direct Object Reference in PHPGURUKUL Online Shopping Portal
CVE-2025-65647

4.3MEDIUM

Key Information:

Vendor

PHPGURUKUL
Status
PHPGURUKUL Online Shopping Portal
Vendor
CVE Published:
25 November 2025

What is CVE-2025-65647?

An insecure direct object reference vulnerability in the Track Order function of the PHPGURUKUL Online Shopping Portal version 2.1 allows unauthorized users to access sensitive information through manipulation of the oid parameter, posing significant risks for data security and privacy.

References

https://phpgurukul.com/
https://github.com/SachuuZ/CVE/tree/main/CVE-2025-65647

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.